- Update to 3.1.0:
* Add FIPS provider configuration option to enforce the Extended Master
Secret (EMS) check during the TLS1_PRF KDF. The option '-ems-check' can
optionally be supplied to 'openssl fipsinstall'.
* The FIPS provider includes a few non-approved algorithms for backward
compatibility purposes and the "fips=yes" property query must be used for
all algorithm fetches to ensure FIPS compliance. The algorithms that are
included but not approved are Triple DES ECB, Triple DES CBC and EdDSA.
* Added support for KMAC in KBKDF.
* RNDR and RNDRRS support in provider functions to provide random number
generation for Arm CPUs (aarch64).
* s_client and s_server apps now explicitly say when the TLS version does not
include the renegotiation mechanism. This avoids confusion between that
scenario versus when the TLS version includes secure renegotiation but the
peer lacks support for it.
* AES-GCM enabled with AVX512 vAES and vPCLMULQDQ.
* The various OBJ_* functions have been made thread safe.
* Parallel dual-prime 1536/2048-bit modular exponentiation for AVX512_IFMA
capable processors.
* The functions OPENSSL_LH_stats, OPENSSL_LH_node_stats,
OPENSSL_LH_node_usage_stats, OPENSSL_LH_stats_bio,
OPENSSL_LH_node_stats_bio and OPENSSL_LH_node_usage_stats_bio are now
marked deprecated from OpenSSL 3.1 onwards and can be disabled by defining
OPENSSL_NO_DEPRECATED_3_1. The macro DEFINE_LHASH_OF is now deprecated in
favour of the macro DEFINE_LHASH_OF_EX, which omits the corresponding
type-specific function definitions for these functions regardless of
whether OPENSSL_NO_DEPRECATED_3_1 is defined. Users of DEFINE_LHASH_OF may
start receiving deprecation warnings for these functions regardless of
whether they are using them. It is recommended that users transition to the
new macro, DEFINE_LHASH_OF_EX.
OBS-URL: https://build.opensuse.org/request/show/1071820
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-3?expand=0&rev=57
- Update to 3.0.8:
* Fixed NULL dereference during PKCS7 data verification.
A NULL pointer can be dereferenced when signatures are being
verified on PKCS7 signed or signedAndEnveloped data. In case the hash
algorithm used for the signature is known to the OpenSSL library but
the implementation of the hash algorithm is not available the digest
initialization will fail. There is a missing check for the return
value from the initialization function which later leads to invalid
usage of the digest API most likely leading to a crash.
([bsc#1207541, CVE-2023-0401])
PKCS7 data is processed by the SMIME library calls and also by the
time stamp (TS) library calls. The TLS implementation in OpenSSL does
not call these functions however third party applications would be
affected if they call these functions to verify signatures on untrusted
data.
* Fixed X.400 address type confusion in X.509 GeneralName.
There is a type confusion vulnerability relating to X.400 address processing
inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING
but the public structure definition for GENERAL_NAME incorrectly specified
the type of the x400Address field as ASN1_TYPE. This field is subsequently
interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather
than an ASN1_STRING.
When CRL checking is enabled (i.e. the application sets the
X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to
pass arbitrary pointers to a memcmp call, enabling them to read memory
contents or enact a denial of service.
([bsc#1207533, CVE-2023-0286])
* Fixed NULL dereference validating DSA public key.
An invalid pointer dereference on read can be triggered when an
application tries to check a malformed DSA public key by the
OBS-URL: https://build.opensuse.org/request/show/1063662
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-3?expand=0&rev=53
- Temporary disable tests test_ssl_new and test_sslapi because they are
failing in openSUSE_Tumbleweed
- Update to 3.0.7: [bsc#1204714, CVE-2022-3602,CVE-2022-3786]
* Fixed two buffer overflows in punycode decoding functions.
A buffer overrun can be triggered in X.509 certificate verification,
specifically in name constraint checking. Note that this occurs after
certificate chain signature verification and requires either a CA to
have signed the malicious certificate or for the application to continue
certificate verification despite failure to construct a path to a trusted
issuer.
In a TLS client, this can be triggered by connecting to a malicious
server. In a TLS server, this can be triggered if the server requests
client authentication and a malicious client connects.
An attacker can craft a malicious email address to overflow
an arbitrary number of bytes containing the `.` character (decimal 46)
on the stack. This buffer overflow could result in a crash (causing a
denial of service).
([CVE-2022-3786])
An attacker can craft a malicious email address to overflow four
attacker-controlled bytes on the stack. This buffer overflow could
result in a crash (causing a denial of service) or potentially remote code
execution depending on stack layout for any given platform/compiler.
([CVE-2022-3602])
* Removed all references to invalid OSSL_PKEY_PARAM_RSA names for CRT
parameters in OpenSSL code.
Applications should not use the names OSSL_PKEY_PARAM_RSA_FACTOR,
OSSL_PKEY_PARAM_RSA_EXPONENT and OSSL_PKEY_PARAM_RSA_COEFFICIENT.
Use the numbered names such as OSSL_PKEY_PARAM_RSA_FACTOR1 instead.
Using these invalid names may cause algorithms to use slower methods
OBS-URL: https://build.opensuse.org/request/show/1032747
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-3?expand=0&rev=47
